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DETAILED ACTION 
Claim Objections Ij;^ 
Claim 43 is objected to under 37 CFR 1.75(c), as being of improper dependent form for 
failing to further limit the subject matter of a previous claim. Apphcant is required to cancel the 
claim(s), or amend the claim(s) to place the claim(s) in proper dependent form, or rewrite the 
claim(s) in independent form. The secured files are secured files does not limit the claim 37 any 
fijrther since the files are already cited as being secured files. 



Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S. C 112: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such fiiU, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

Claims 36 is rejected under 35 U.S.C. 1 12, first paragraph, because the specification, 
while being enabling for permitting access form any of the locations (Fig. 5F), does not 
reasonably provide enablement for "wherein a given requestor is only able to access secured 
items using only a single one of said local servers or the central server such that the given 
requestor can only access secured items through at most one of said local servers at a time even 
though the given requestor is permitted to access secure items through more than one of said 
local servers". The specification does not enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make the invention commensurate in 
scope with these claims. Questions are raised as to where control of the access is located, at the 
client or the server, so that the user can only access one server at a time. The disclosure (Fig. 5F) 
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discloses gaining access to secure items from the first location, not the access of only a single 
one of local servers or the central server. The disclosure does not disclose that the system 
controls the number of servers that a user gains access, instead the disclosure discloses the 
control of the location that the user can access from. Is the access of only a single one of local 
server controlled by an Access control List, the location of the server, content of the server, 
encryption and key distribution? The examiner has assumed that the control of the number of 
servers accessed by the client is controlled by encryption and the distribution of keys for 
communication to a particular server. 

Double Patenting 

A statutory type (35 U.S.C. 101) double patenting rejection can be overcome by 
canceling or amending the conflicting claims so they are no longer coextensive in scope. The 
filing of a terminal disclaimer cannot overcome a double patenting rejection based upon 35 
U.S.C. 101, 

Claims 36-39 are provisionally rejected under 35 U.S.C. 101 as claiming the same 
invention as that of claims 1-4 of copending Application No. 10/076181. this is a provisional 
double patenting rejection since the conflicting claims have not in fact been patented, 
conflicting claims, elimination of such claims from all but one application may be required in the 
absence of good and sufficient reason for their retention during pendency in more than one 
application. Applicant is required to either cancel the conflicting claims from all but one 
application or maintain a clear line of demarcation between the applications. See MPEP § 822. 
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Claim Rejections - 35 USC §102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

i 

Claim 36 is rejected under 35 U.S.C. 102(b) as being anticipated bj^.Stallings 
(Cryptography and Network Security). 

In reference to claim 36, Stallings teaches the Keberos system comprising: a central 
server having a server module that provides overall access control (Keberos authentication server 
page 333); and a plurality of local servers, each of said servers including a local module that 
provides local access control (last paragraph on page 333), wherein the access control, performed 
by said central server or said local servers, operates to permit or deny access requests to secured 
items by requestors (Kerberos authentication server Fig 1 1.2), and wherein a given requestor is 
only able to access secured items using only a single one of said local servers or the central 
server such that the given requestor can only access secured items through at most one of said 
local servers at a time even though the given requestor is permitted to access secure items 
through more than one of said local servers (page 336 Session keys). 

Claim Rejections - 35 USC §103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
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having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-35 are rejected under 35 U.S.C. 103(a) as being unpatentable over Samson et al 
(6,339,423) in view of Boebert et al (5,502,766). 

In reference to claims 1 and 34^ Samson discloses a system and method comprising: (a) 

receiving, at a first server machine of the plurality of server machines (Fig. 2), an access request 

v' 

to access secure items from a user of a first chent machine at a first location (column 4 Unes 35- 
36), (b) authenticating the user of the first client machine at the first location (column 5 lines 30- 
45); (d) determining whether the user is permitted to gain access to secure items via the first 
location when said authenticating (b) and (c) are successfiil (column 4 line 62 to column 5 line 2) 
(e) permitting the user to gain access to secure items via the first server machine when said 
determining (d) determines that the user is permitted to gain access to secure items fi*om the first 
location (Fig 3 A and B parts 318-338), and (f) preventing the user to gain access to secure items 
via the first server machine when said determining (e) determines that the user is not permitted to 
gain access to secure items fi-om the first location (Fig 3 A and B parts 3 18-332). 

Although the system of Samson discloses and authentication process for the user, the 
system does not disclose (c) authenticating the first cUent machine. 

Boebert discloses a system for providing the secure transfer and sharing of data via a 
local area network (abstract). The system comprises an identification and authentication process 
for the user and the client machine (column 4 hnes 26-35). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
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art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area. 

In reference to claims 21 and 35, Samson discloses a system and method comprising: 
receiving, at a first server machine of the plurality of server machines (Fig. 2), an access request 
to access secure items from a user of a first client machine at a first location (column 4 lines 35- 
36), authenticating the user of the first client machine at the first location (column 5 lines 30-45); 
retrieving access privileges associated with the user (column 5 lines 38-46); determining whether 
the user is permitted to gain access to secure items via the first location when said authenticating 
are successful (column 4 line 62 to column 5 line 2) permitting the user to gain access to secure 
items via the first server machine when said determining determines that the user is permitted to 
gain access to secure items (Fig 3 A and B parts 318-338), and preventing the user to gain access 
to secure items via the first server machine when said determining determines that the user is not 
permitted to gain access to secure items from the first location (Fig 3 A and B parts 3 18-332). 

Although the system of Samson discloses and authentication process for the user, the 
system does not disclose authenticating the first client machine. 

Boebert discloses a system for providing the secure transfer and sharing of data via a 
local area network (abstract). The system comprises an identification and authentication process 
for the user and the client machine and determining whether user is permitted access from the 
location (column 4 lines 26-35). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 

i 
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in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 

In reference to claim 2, although the system of Samson discloses and authentication 
obtaining access privileges associated with the user (column 4 line 62 to column 5 line 2), 
Samson does not disclose a system of authentication wherein said determining comprises: to 
determine at least permitted locations for the user; and (d2) determining whether the user is 
permitted to gain access to secure items from the first location based on the permitted locations 
associated with the user. 

Boebert discloses a system for authentication wherein the determining comprises 
obtaining access privileges associated with the user to determine at least permitted locations for 
the user; and determining whether the user is permitted to gain access to secure items from the 
first location based on the permitted locations associated wit the user (column 4 lines 27-45). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 
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In reference to claim 3, wherein, when permitted by said permitting (e), the user gains 
access to secure items from the first location via the first client machine and the first server 
machine. 

Although the system of Samson discloses and authentication process for the user, the 
system does not disclose authenticating the first client machine, 

Boebert discloses a system for providing the secure transfer and sharing of data via a 
local area network (abstract). The system comprises an identification and authentication process 
for the user and the client machine and determining whether user is permitted access from the 
location (column 4 lines 26-35). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 

In reference to claim 4, wherein, when permitted by said permitting (e), the user gains 
access to secure items from the first location via the first chent machine and the first server 
machine. 

Although the system of Samson discloses and authentication process for the user, the 
system does not disclose authenticating the first client machine. 



Application/Control Number: 1 0/075, 1 94 Page 9 

Art Unit: 2135 

Boebert discloses a system for providing the secure transfer and sharing of data via a 
local area network (abstract). The system comprises an identification and authentication process 
for the user and the client machine and determining whether user is permitted access from the 
location (column 4 lines 26-35). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson^- One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 

In reference to claims 5, 22, and 24, wherein said method comprises the acts of: (g) 
preventing the user from gaining access to secure items via any of the server machines other than 
the first server machine when said determining (d) determines that the user is permitted to gain 
access to secure items from the first location. 

Although the system of Samson discloses and authentication process for the user, the 
system does not disclose authenticating the first cUent machine. 

Boebert discloses a system for providing the secure transfer and sharing of data via a 
local area network (abstract). The system comprises an identification and authentication process 
for the user and the client machine and determining whether user is permitted access from the 
location (column 4 lines 26-35). The user is only permitted to access the resource from a 
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particular location therefore since the other locations are not permitted to access the resource the 
no other server will permit access. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson, One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 

In reference to claims 6 and 23, wherein said determining (d) comprises determining 
whether the user is permitted to gain access to secure items via the^irst client machine and the 
first server machine, and wherein said permitting (e) operates to permit the user to gain access to 
secure items via the first client machine and the first server machine when said determining (d) 
determines that the user is permitted to gain access to secure items via both the first client 
machine and the first server machine. 

Although the system of Samson discloses and authentication process for the user, the 
system does not disclose authenticating the first client machine. 

Boebert discloses a system for providing the secure transfer and sharing of data via a 
local area network (abstract). The system comprises an identification and authentication process 
for the user and the client machine and determining whether user is permitted access from the 
location (column 4 lines 26-35). 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the, engineering area (column 4 
lines 35-45). \ 

In reference to claim 7, wherein said determining comprises determining whether the 
user is permitted to gain access to secure items via the first server machine, and wherein said 
permitting operates to permit the user to gain access to secure items via the first server machine 
when said determining determines that the user is permitted to gain access to secure items via the 
first server machine (Fig 2 and 3). 

In reference to claim 8, wherein said determining (d) comprises determining whether the 
user is permitted to gain access to secure items via the first client machine, and wherein said 
permitting (e) operates to permit the user to gain access to secure items via the first client 
machine when said determining (d) determines that the user is permitted to gain access to secure 
items via the first client machine (Fig 2 and 3). 

In reference to claim P, wherein said method comprises the acts of: (g) preventing the 
user from gaining access to secure items via any of the server machines other than the first server 
machine when said determining (d) determines that the user is permitted to gain access to secure 
items from the first location. 
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Although the system of Samson discloses and authentication process for the user, the 
system does not disclose authenticating the first client machine. 

Boebert discloses a system for providing the secure transfer and sharing of data via a 
local area network (abstract). The system comprises an identification and authentication process 
for the user and the client machine and determining whether user is permitted access fi'om the 
location (column 4 lines 26-35). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 

In reference to claims 10 and 25^ wherein said preventing (g) of the user to gain access to 
secure items via any of the other server machines comprises reconfiguring at least any of the 
other server machines that previously permitted the user to gain access to secure items 

therethrough. j 

>, 

Although Samson discloses preventing the user to gain access to secure items via any of 
the other server machines, Samson does not disclose preventing access to the server machine by 
reconfiguring at least any of the other server machines that previously permitted the user to gain 
access, Boebert also does not disclose the reconfiguration. However, Boebert discloses 
controlling access to the resource using keys. 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to revoke the key from the user when the user is no longer permitted access in the 
system of Boebert. One of ordinary skill in the art would have been motivated to do this because 
when the user is no longer permitted to access the resource revoking the key would discourage 
fraudulent activities. 

In reference to claims 11 and 26, wherein said permitting of the user to gain access to 
secure items via the first server machine comprises reconfiguring the first server machine to 
permit access by the user to secured items via the first server machine. 

Although Samson discloses preventing the user to gain access to secure items via any of 
the other server machines, Samson does not disclose preventing access to the server machine by 
reconfiguring at least any of the other server machines that previously permitted the user to gain 
access. Boebert also does not disclose the reconfiguration. However, Boebert discloses 
controlling access to the resource using keys. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to revoke the key from the user when the user is no longer permitted access in the 
system of Boebert. One of ordinary skill in the art would have been motivated to do this because 
when the user is no longer permitted to access the resource revoking the key would discourage 
fraudulent activities. 

In reference claim 12 wherein said determining (d) comprises: obtaining access 
privileges associated with the user to determine at least permitted locations for the user; and 
determining whether the user is permitted to gain access to secure items fi-om the first location 
based on the permitted locations associated with the user. 
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Although the system of Samson discloses and authentication obtaining access privileges 
associated with the user (column 4 line 62 to column 5 line 2), Samson does not disclose a 
system of authentication wherein said determining comprises: to determine at least permitted 
locations for the user; and (d2) determining whether the user is permitted to gain access to secure 
items from the first location based on the permitted locations associated with the user. 

Boebert discloses a system for authentication wherein the determining comprises 
obtaining access privileges associated with the user to determine at least permitted locations for 
the user; and determining whether the user is permitted to gain access to secure items from the 
first location based on the permitted locations associated wit the user (column 4 lines 27-45). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 

In reference to claims 13 and 27 wherein said permitting of the user to gain access to 
secure items via the first server machine comprises reconfiguring the first server machine to 
permit access by the user to secured items via the first server machine (column 5 lines 475-60). 

In reference to claims 14 and 28 wherein each of the secure items is a secured file, the 
secured file having a format that comprises a header including security information as to who 
and how the secure item can be accessed, an encrypted data portion including data of the secure 
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file encrypted with a file key according to a predetermined cipher scheme, and wherein the 

header is attached to the encrypted data portion to generate the secured file. 

I' 

Samson does not disclose an encrypted data portion. However Boebert discloses each of 
the secure items is a secured file, the secured file having a format that comprises a header 
including security information as to who and how the secure item can be accessed, an encrypted 
data portion including data of the secure file encrypted with a file key according to a 
predetermined cipher scheme, and wherein the header is attached to the encrypted data portion to 
generate the secured file (Fig. 12), 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 

In reference to claims 15 and 29, wherein the security information in the header of the 
secured file facilitates the restricted access to the secured file. 

Boebert discloses a system wherein the security information in the header of the secured 
file facilitates the restricted access to the secured file (part 90 Fig. 8). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
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art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 

In reference to claim 16, wherein the security information in the header of the secured 
file points to or includes the access rules and a file key. 

Boebert discloses the security information in the header of the secured file points to or 
includes the access rules and a file key (Fig. 10). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 

In reference to claims 17 and 30, wherein the security information is encrypted with a 
user key associated with a user. 

Boebert discloses the security information is encrypted witfi a user key associated with a 
user (Fig. 12). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
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art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 

In reference to claims 18 and 31, wherein the security information includes the file key 
and access rules to the restricted access to the secured file. 

Boebert discloses security information includes the file key and access rules to the 
restricted access to the secured file (Fig. 16). 

At the time the invention was made, it would have been obvious to a person of ordinary 

skill in the art to add the system of authenticating the client machine as well as the human user as 

* f 

in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 

\' 

art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 

In reference to claims 19 and 32 wherein the file key is retrieved to decrypt the encrypted 
data portion in the secured file when access privilege of the user is within access permissions by 
the access rules. 

Boebert discloses retrieving the file key to decrypt the encrypted data portion in the 
secured file when access privilege of the user is within access permissions by the access rules 
(Fig. 16). 
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At the time the invention was made, it would have been obvious to a person of ordinary 

i 

skill in the art to add the system of authenticating the client machine as well as the human user as 
in the system of Boebert in that authentication process of Samson. One of ordinary skill in the 
art would have been motivated to do this because it enables the implementation of sophisticated 
security policies by the Secure Computer such as the user may be authorized to access 
engineering drawings, but only form terminals located inside the engineering area (column 4 
lines 35-45). 

In reference to claims 20 and 33, wherein the access rules are expressed in a markup 
language. Samson and Boebert do not disclose the access rules are expressed in a markup 
language. However at the time the invention was made, it would have been obvious to a person 
of ordinary skill in the art to use a markup language to express the access rules. One of ordinary 
skill in the art would have been motivated to do this because markup languages are a set of codes 
in a text file that instruct a computer how to format it on a printer or video display or how to 
index and link its contents and therefore it would determine how to index the content based on 
the access rules. 

Claims 37-42 are rejected under 35 U.S.C. 103(a) as being unpatentable over Stallings as 
applied to claim 36 above, and fiirther in view of Skarbo et al (6,3 17,777). 

In reference to claim 37, wherein said access control system couples to an enterprise 
network to restrict access to secured files stored therein. 
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Stallings discloses the authentication to access to a service, however Stallings does not 
disclose access control system couples to an enterprise network to restrict access to secured files 
stored therein. 

Skarbo discloses a document-collaboration videoconferencing system between na first 
and a second conference attendee (abstract). The system comprises access control system 
couples to an enterprise network to restrict access to secured files stored therein (Fig. 4). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art that the service provided by the server after authentication should be an enterprise 
network to restrict access to secured files stored therein as in the system taught by Skarbo in the 
server disclosed by Stallings. One of ordinary skill in the art would have been motivated to do 
this because the system would reliably deliver conferencing data to conference participants 
(Skarbo column 1 lines 45-50). 

In reference to claim 38, wherein the access requests are at least primarily processed in a 
distributed manner by said local servers (Fig. 1 1.2). 

In reference to claim 39, wherein when the access requests are processed said local 
servers, the requestors gain access to the secured files without having to access said central 
server (Fig. 11.2). 

In reference to claim 40, wherein the local module can be a copy of the server module so 
any of the local modules can operate independent of said central server and other of said local 
servers (Fig. 11.2). 

In reference to claim 41, wherein the local module can be a subset of the server module 
(Fig. 11.2). 
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In reference to claim 42, wherein access permissions for said local servers can be 
dynamically configured to pass a requestor from one of said local servers to another of said local 
servers, thereby enabling access control to be performed by the another of said local servers such 
as when the location of the requestor changes (Fig. 11. 2 multiple kerberi). 

Claim 44 is rejected under 35 U.S.C. 103(a) as being unpatentable over Stallings and 
Boebert as applied to claim 37 above, and further in view of Pensak (6,449,721 Bl). 

In reference to claim 44, wherein the secured files are secured by encryption. 

Although Stallings discloses the exchange of session keys, Stallings does not expressly 
disclose that the service is secured by encryption. 

Pensak discloses secured files are secured by encryption (Fig. 1). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to secure the files by encryption as in Pensak in the system of Stallings. One of 
ordinary skill in the art would have been motivated to do this because encryption is a process for 
encoding data that prevents unauthorized access especially during transmission. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W. Klimach whose telephone number is (571) 272-3854. 
The examiner can normally be reached on Mon to Thr 9:30 a.m to. 5:30 p:m. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or PubUc PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-2 1 7-9 1 97 (toll-free). 



PWK 

Thursday, September 29, 2005 




